Device and method for concealing customer information from a customer service representative

ABSTRACT

A method of concealing customer-provided information from an operator during a telephone conversation between the operator and a customer includes receiving dual-tone-multi-frequency-encoded customer information via a telephone connection to a customer telephone and generating a request asking the customer to confirm the information. The method also includes converting the dual-tone-multi-frequency-encoded customer information into an ASCII data stream and sending the ASCII data stream to a computing device, whereby the operator is unable to discern the customer information.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.10/397,042, filed Mar. 24, 2003, and entitled, “DEVICE AND METHOD FORCONCEALING CUSTOMER INFORMATION FROM A CUSTOMER SERVICE REPRESENTATIVE.”The entire disclosure of the above application is hereby incorporated byreference, for all purposes, as if fully set forth herein.

BACKGROUND OF THE INVENTION

The present invention relates generally to receiving data via atelephone connection, and more particularly to receivingcustomer-centric data and converting it to computer-readable signals,while masking the data from an operator.

Telephones provide the most common means by which many individualscommunicate with businesses from which they receive services,particularly financial services. In many cases, the customer interfaceis an “operator” (a.k.a. customer service representative, accountrepresentative, and the like) manning a telephone in a call center. Alsoin many cases, the customer is required to provide sensitive informationto this unknown person.

For example, if a customer wishes to settle an outstanding accountbalance by providing payment information by telephone, the customer maygive a credit card number, debit card number, checking account number,or the like to the operator.

The present invention provides a device and method for using the devicethat allows a customer to provide sensitive information during atelephone conversation with a live operator in a way that conceals thesensitive information from the operator.

BRIEF SUMMARY OF THE INVENTION

Embodiments of the present invention thus provide a data masking deviceincluding a first input for receiving first electronic signalsrepresenting customer information and a first output for sending secondelectronic signals to a computing device. The device also includes asecond output for transmitting masked signals intended to indicate to anoperator that a customer is entering customer information and circuitryfor converting the first electronic signals into the second electronicsignals and the masked signals. The circuitry may be operable togenerate a confirmation request message directed to the customer andreceive a confirmation from the customer. The first electronic signalsmay include dual-tone-multi-frequency signals. The second electronicsignals may include ASCII characters. The second electronic signals mayinclude encrypted signals. The masked signals may includedual-tone-multi-frequency signals directed to a headset of the operator.The masked signals may include masking characters directed to a displaydevice.

In other embodiments of the present invention, a method of concealingcustomer-provided information from an operator during a telephoneconversation between the operator and a customer includes receivingdual-tone-multi-frequency-encoded customer information via a telephoneconnection to a customer telephone and generating a request asking thecustomer to confirm the information. The method also includes convertingthe dual-tone-multi-frequency-encoded customer information into an ASCIIdata stream and sending the ASCII data stream to a computing device. Inthis way, the operator is unable to discern the customer information.The method may include generating masking signals and sending themasking signals to a display device. In this way the masking signals areintended to provide the operator with a visual indication that thecustomer has entered information. The display device may include acomputer monitor associated with the computing device. The displaydevice may include a liquid crystal display panel. The display devicemay include a LED display. The method also may include generatingmasking signals and sending the masking signals to a headset of theoperator. The masking signals may include thedual-tone-multi-frequency-encoded customer information. The maskingsignals may include generic tones. The request asking the customer toconfirm the information may include a computer-generated voice. Thecomputer-generated voice may be in Spanish. Thedual-tone-multi-frequency-encoded information may be generated by areader. In which case the reader may include a device for readingmagnetic information from a card of the customer having a magneticstripe encoded with the information and/or a device for readinginformation from a document having magnetic ink printing.

In still other embodiments, a method of concealing customer-providedinformation from an operator during a telephone conversation between theoperator and a customer includes providing a data masking device that isoperable to receive dual-tone-multi-frequency-encoded customerinformation via a telephone connection to a customer telephone andgenerate a request asking the customer to confirm the information. Thedata masking device is further operable to convert thedual-tone-multi-frequency-encoded customer information into an ASCIIdata stream and send the ASCII data stream to a computing device. Themethod also includes initiating a telephone exchange with a customer,receiving dual-tone-multi-frequency-encoded customer information at thedata masking device, and using the data masking device to conceal thecustomer information from the operator.

Reference to the remaining portions of the specification, including thedrawings and claims, will realize other features and advantages of thepresent invention. Further features and advantages of the presentinvention, as well as the structure and operation of various embodimentsof the present invention, are described in detail below with respect tothe accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

A further understanding of the nature and advantages of the presentinvention may be realized by reference to the remaining portions of thespecification and the drawings wherein like reference numerals are usedthroughout the several drawings to refer to similar components.

FIG. 1 a illustrates one example of a system that employs a data maskingdevice according to embodiments of the present invention.

FIG. 1 b illustrates an embodiment of a data masking device in greaterdetail.

FIG. 2 illustrates a method of using a data masking device, such as themasking device of FIG. 1.

DETAILED DESCRIPTION OF THE INVENTION

According to the present invention, a customer of a business may providesensitive information without revealing the information to an operatoracting on behalf of the business. As an example, a customer of a utilitycompany contacts the utility company to pay his utility bill. Theutility company may employ a system whereby the customer may pay bycheck, debit card, credit card, or the like by providing accountinformation to an operator. The operator may be an employee of theutility company or an employee of a vendor hired by the utility companyto provide telephone payment services. At the appropriate point in theconversation with the customer, the operator asks the customer forpayment account information. In response, instead of providing theinformation verbally, the customer provides the information by “keying”the information using, for example, a telephone keypad, cell phonekeypad, keyboard, reader, or the like, thus encoding it into tones orother electronic signals.

The tones generated by the customer are received by a data maskingdevice designed according to the teachings of the present invention. Thedata masking device converts the signals into computer-readable signalsand sends the computer-readable signals to a computer. In someembodiments the computer-readable signals may be encrypted. Thus,instead of verbally providing the sensitive information to the operatorwho then enters it into the computer, the customer is essentiallyentering the information directly into the computer, thus avoidingdisclosure of the information to the operator.

A number of enhancements to the data masking device make it even moreuseful. For example, the data masking device may capture the informationentered by the customer, repeat it back to the customer, and requestconfirmation from the customer that the information was enteredcorrectly. This may all take place before the device sends any data tothe computer. Only after the customer confirms the information does thedevice send the information to the computer. In some embodiments, thedevice may be programmed to repeat the information back to the customerin a language selected by the customer from a group of severallanguages.

Another enhancement provides visual and/or audible feedback to theoperator that the customer is entering information. For example, adisplay on the data masking device itself may display a maskingcharacter, such as an asterisk (*), for each digit entered by thecustomer. The masking character also or alternatively may be displayedin a data field on the display screen of the operator's computer. Insome embodiments the operator may hear tones confirming that thecustomer is entering information. The tones may be the same tonesgenerated by the customer or may be masking tones that do not disclosethe information.

Yet another enhancement allows the customer to enter information using adifferent input device. For example, the customer may enter theinformation using an alphanumeric keypad that provides more capabilitythan the simple number keypad found on most telephones. Thus, thecustomer is able to enter information having alpha characters as well asnumber characters. In some embodiments, the customer may enter theinformation using a reader that can read the MICR lines of a check orthe magnetic stripe of a credit card or debit card. Thus, the customercan “swipe” his card or “scan” his check, rather that keying theinformation into the telephone keypad. This reduces the opportunity forentry errors. In the case of the card reader, the reader may beconfigured to read other information encoded on the card, such as theexpiration date, security information, and the like. Either readerdevice my be configured to accept an input from the customer that actsas an electronic signature.

As will be seen, the present invention is not limited to enteringaccount information to pay utility bills. For example, the customer mayenter a password or other sensitive information that may be needed by anoperator. Further, the operator may represent any number of businessentities. For example, the operator may be employed by a credit cardcompany, mail order company, travel company, home shopping network, orthe like, and the sensitive customer information may be the customer'saccount number, password, personal identification number (PIN), socialsecurity number, or the like. Many other examples are possible and areapparent to those skilled in the art in light of the disclosure herein.

Having described the present invention generally, attention is directedto FIG. 1 a, which illustrates one embodiment of a data masking device100 according to the present invention. As those skilled in the art willrealize other embodiments, the example of FIG. 1 a is not to beconsidered limiting. The device 100 is connected to a customercommunication device 102, which may be, for example, a telephone. Theconnection is via a network 104, such as the Public Switched TelephoneNetwork (PSTN). In some embodiments, the network is a wireless networkthat provides a connection for customers using wireless phones or cellphones. The device 100 also is connected to a communication device 106,such as a telephone or telephone headset of an operator. The device 100simply passes vocal frequencies through to the operator's communicationdevice 106, thus enabling the customer to talk to the operator in thetraditional way. However, the customer also may enter sensitiveinformation using, for example, a keypad on the customer communicationdevice 102, in which case the device 100 decodes the information andsends it to a computing device 108.

In a specific embodiment, the sensitive information entered by thecustomer is encoded into a Dual-Tone-Multi-Frequency (DTMF) signalstream, as is known in the art. The device 100 receives the informationand provides audible and/or visual confirmation to the operator that thecustomer is entering information. Audible confirmation may be providedby simply passing the DTMF signal stream to the operator's communicationdevice 106. In most cases, this provides sufficient audible masking ofthe customer's sensitive information. However, if further audiblemasking is desired, the device 100 may send masking tones to theoperator's communication device 106. The masking tones may be the samefor each data character entered by the customer, may be randomlygenerated, or the like. Visual confirmation of the customer's entry maybe achieved while masking the information by entering masking charactersinto a data field on a display associated with the operator's computingdevice 108. Alternatively or additionally, visual confirmation may beachieved by displaying masking characters on a display 109 on the device100. This may be an LCD or LED screen or the like. In some embodiments,the visual confirmation is simply a series of flashes displayed by asingle LED. Many other examples are possible.

Continuing with this specific example, the device 100 captures theinformation entered by the customer and, using a computer-generatedvoice, repeats the information back to the customer, and asks thecustomer to confirm the information. This may be done by asking thecustomer to select specific keys on the keypad (e.g., “If this iscorrect, press 1. If this is incorrect, press 2.”) Once the customerconfirms the information, the device 100 converts the information into acomputer-readable signal stream and sends it to the computing device108. The computer-readable signal stream may be, for example, an ASCIIbit stream, as is known in the art. In some embodiments, the device 100may be arranged such that signals sent from an operator's input device110, such as a keyboard, are routed through the device 100. Thus, thedevice 100 may convert the DTMF signal stream into a signal stream usingbased on the same protocol used by the input device 110 to communicatewith the computing device 108.

The device 100 also may include a port 111 for receiving programminginformation. The port 111 may be based on any of a wide variety of wellknown communication protocols, including serial (9 pin), USB (1.0 or2.0), FireWire (IEEE 1394), and Infrared (IR). In some examples, theport 111 provides a wireless interface by which the device 100 receivesprogramming.

In some embodiments, the customer enters information using a reader 112located, for example, between the customer's communication device 102and a handset 114 associated with the customer's communication device.The reader 112 may be configured to read information from a “MICR” lineof a check and/or configured to read information from a magnetic stripon a credit or debit card. Thus, the customer may scan information froma check or swipe a card to encode the sensitive information. The readermay encode the information into DTMF signals or other signal streams.Other examples are possible.

Attention is directed to FIG. 1 b, which illustrates the data maskingdevice 100 in greater detail. The device includes one or more ports 116,as previously described. The ports 116 may be input ports, output ports,two-way ports, wired ports, wireless ports, and the like. The device 100also includes a processor 118. The processor may be any of a widevariety of programmable processors know to those skilled in the art. Insome embodiments, the processor is an Application Specific, IntegratedCircuit (ASIC), as is known. Many other examples are possible. Thedevice 100 also may include a power supply 120, which could be abattery, for example, although the device could be configured to drawpower from either the computing device 108 or the input device 110. Itshould be understood that the example of a data masking device 100 ofFIG. 1 b is not to be considered limiting.

Having described a device according to the present invention, attentionis directed to FIG. 2, which illustrates a method 200 according to thepresent invention. The method 200 may be carried out using the datamasking device 100 of FIG. 1. At block 202, a data masking device isconfigured for operation. For example, configuration programming mayinclude programming the device to generate responses in either Englishor Spanish at the option of a customer.

At block 204, the device receives and captures encoded information froma customer who is engaged in a conversation with a live operator. Thecustomer may encode information according to any of the teachingsdiscussed with respect to FIG. 1. For example, the customer may key theinformation using a telephone numeric keypad, an alpha characterkeyboard, a card or check reader, or the like. As the customer entersthe information, the device may pass confirmation tones to theoperator's communication device. The confirmation tones may includemasking tones or may simply be the tones generated by the customer.Alternatively or additionally, the device may send masking characters toa display. In some embodiments, the masking characters are not sent to adisplay until block 214, as will be described.

At block 206, the masking device repeats the information back to thecustomer and requests confirmation of the information from the customer.This may be done using a computer-generated voice in a language selectedby the customer. The customer's response may be in the form of aspecific digit for “yes” and a different specific digit for “no.”

At block 208, the device receives the customer's response. At block 210,the response is evaluated. If the customer indicates that theinformation was entered incorrectly, the process returns to block 204.If the customer confirms the information, the process continues at block210.

At block 212, the encoded information from the customer is converted toa computer-readable data stream. This operation may involve, forexample, converting a DTMF data stream into an ASCII bit stream.

At block 214, the device causes masking characters to be displayed on adisplay device. The display device may be located on the masking deviceitself. It may be for example, a LCD screen, and LED screen, a series ofLEDs, or the like. The display device also may be a computer displayscreen used by the operator, in which case the masking device may causemasking characters to be displayed in a data field representing thesensitive information entered by the customer. Other examples arepossible.

At block 216, the computer-readable data stream is routed to a computingdevice. The computing device may treat the data stream as if it wereentered by the operator. In examples wherein the masking device isinserted between the operator's keyboard and the operator's computingdevice, the computing device may not be able to tell the differencebetween data entered by the operator using the keyboard and datagenerated by the masking device in response to a customer's input.

In some embodiments, the device encrypts the data stream it send to thecomputing device. This further prevents unauthorized access to the data.The data encryption/decryption process may include one of severalmethods. For example, a decryption library may be used. The decryptionlibrary may be loaded on the computing device and used to convert theincoming encrypted data stream into meaningful information. In anotherexample, the data stream may be decrypted using an algorithm that may bespecific to the customer's account. In this way, the algorithm maycontrol access to different customer information based on a user'saccess level. Other examples are possible, each of which, renders thedata stream exiting the device useless unless the decryption process isincluded.

Having described several embodiments, it will be recognized by those ofskill in the art that various modifications, alternative constructions,and equivalents may be used without departing from the spirit of theinvention. Additionally, a number of well known processes and elementshave not been described in order to avoid unnecessarily obscuring thepresent invention. For example, those skilled in the art know how todesign and manufacture electronic circuitry to function according to theteachings of the present invention. Accordingly, the above descriptionshould not be taken as limiting the scope of the invention, which isdefined in the following claims.

What is claimed is:
 1. A data masking device for receiving customerinformation requested from a customer by an operator and providing thecustomer information to a computing device, comprising: a first inputfor receiving one or more first electronic signals comprising sensitivecustomer information; a first output for sending one or more secondelectronic signals to a computing device; a second output fortransmitting one or more masked signals that indicate to the operatorthat the customer is entering the requested customer information withoutrevealing the sensitive customer information to the operator; andcircuitry for converting the one or more first electronic signals intoboth the one or more second electronic signals and the one or moremasked signals, for sending the one or more second electronic signalsfrom the first output to the computing device and transmitting the oneor more masked signals from the second output to the operator to confirmthat the requested customer information is being entered by thecustomer, wherein the converting of the one or more first electronicsignals into the one or more masked signals comprises masking at least aportion of the one or more first electronic signals, and wherein the oneor more masked signals do not reveal the sensitive customer information.